A Chief Human Resources Officer’s Checklist About GDPR

It seems it is not just social media accounts and phones that deprive us of our privacy; talent management systems and employment practices, too, play a part in making us a little less private as individuals.

The new GDPR (General Data Protection Regulation) legislation is here to protect the privacy of individuals. And why not? With the clear proof of Cambridge Analytica and the doubtful case of Facebook listening to our conversations on the phone, regulation has been needed for a long time. It did come, eventually.

This new rule isn’t limited to European businesses that hold European Union (EU) citizens’ data; it also encompasses enterprises outside Europe that work with European businesses. In that sense, it amounts to a global law for data protection, and chiefs of human resources all over the world have come to accept this reality.

They are concerned about how they are going to align their data needs with the new GDPR regulations, given that all sorts of data used to identify an individual, such as genetic, psychological, socioeconomic, religious, and cultural data, fall under the purview of GDPR. Here’s a checklist for a chief human resources officer to abide by:

Data Protection Impact Assessment (DPIA): Every time a new project is planned that involves the storage of personal data in permanent systems, a DPIA has to be carried out.

Raising a voice on data breach: If a data breach happens in spite of every precaution, the local data protection authorities have to be notified within 72 hours of knowing about the breach. What does that mean for organizations? It means they are expected to have processes and technologies in place to detect and report a data breach within the stipulated time period. To put substantial employee training and foolproof internet data security policies in place, the chief human resources officer has to plan, execute, and implement a lot of changes.

Right to be forgotten: GDPR is in agreement with the principle of data minimisation. This principle requires organizations to use only as much data as is required. If the data is no longer required for the purpose it was originally collected for, it must be deleted. Also, customers have the full right to refuse to let organizations use their data. All such data, no matter how far downstream in the process it may have been saved, has to be deleted.

It’s the responsibility of the chief of human resources to adhere to these new regulations or else face the music. And the cost of the music is not small (pun intended). Not complying with the new regulations can result in a fine of 20 million Euros or 4% of the company’s global revenue.

When even the biggest companies, like Facebook, can fail to protect data, the focus has shifted to the importance of data and to the egregious misuse that a breach of it can lead to. That is why the chiefs of human resources of major companies are now at their best on privacy safeguarding.